Category: General
-
ISO-27001 (2013) Vs PCI 3-2-1
This table provides a loose mapping for those interested in the interplay between ISO-27001 Controls and PCI 3-2-1. Clearly the scope of controls for 27K (2013) greatly exceeds PCI and as such offers an excellent framework within which to deliver PCI compliance. Control # | Control | DSS Req. # | Coverage | A.10.1.1 Policy on the use…
-
The AI Privacy and Information Security Agency Bulletin: November 2023
Author Niamh Libonatti-Roche Date 07/12/23 Bulletin Hi, it’s been a big month for AI, Privacy and Information Security – with so many important moments it felt like the perfect opportunity to start writing a bulletin, for specialists and non-specialists alike, to summarise the news of the month. Each month’s issue will include headline news…
-
Data Protection and Digital Information Bill
Author Niamh Libonatti-Roche Date 1st December 2023 Executive Summary While the DPA 2018 retains the GDPR in UK law, the Data Protection and Digital Information Bill (DPDI), due to be introduced in Spring 2024, will introduce radical changes to the privacy and data protection regime in the UK. Despite this, it will keep: This Briefing…
-
Report Stage Summary DPDI Bill
Author Niamh Libonatti-Roche Date 1st December 2023 Executive Summary On November 29th, 2023, Government sat to discuss the 240 proposed amendments to the Data Protection and Digital Information Bill. The sheer number of amendments has led the bill to be described as having “more baubles on it than the proverbial Christmas tree”. While many of…
-
Privacy Versus Infosec
Briefing Note: GDPR-ISO-27001-PCI The table below maps GDPR security requirements against ISO-27001. The infosec aspect of GDPR Art.32 is fully satisfied where certification is obtained (GDPR Art.42). As shown in the table below, achieving ISO-27001 certification leads to a comprehensive level of information security protection that covers all the areas required by GDPR (Art.32). The table…